“Encryption is not authentication” is common wisdom among cryptography experts, but it is only rarely whispered among developers whom aren’t also cryptography experts. This is unfortunate; a lot of design mistakes could be avoided if this information were more widely known and deeply understood. (These mistakes are painfully common in home-grown PHP cryptography classes and functions, as many of the posts on Crypto Fails demonstrates.)

The concept itself is not difficult, but there is a rich supply of detail and nuance to be found beneath the surface.

Encryption is the process of rendering a message such that it becomes unreadable without possessing the correct key. In the simple case of symmetric cryptography, the same key is used for encryption as is used for decryption. In asymmetric cryptography, it is possible to encrypt a message with a user’s public key such that only possessing their private key can read it. Our white paper on PHP cryptography covers anonymous public-key encryption.

Authentication is the process of rendering a message tamper-resistant (typically within a certain very low probability, typically less than 1 divided by the number of particles in the known universe) while also proving it originated from the expected sender.

Note: When we say authenticity, we mean specifically message authenticity, not identity authenticity. That is a PKI and key management problem, which we may address in a future blog post.

Encryption does not provide integrity; a tampered message can (usually) still decrypt, but the result will usually be garbage. Encryption alone also does not inhibit malicious third parties from sending encrypted messages.

Authentication does not provide confidentiality; it is possible to provide tamper-resistance to a plaintext message.

A common mistake among programmers is to confuse the two. It is not uncommon to find a PHP library or framework that encrypts cookie data and then trusts it wholesale after merely decrypting it.

Message encryption without message authentication is a bad idea. Cryptography expert Moxie Marlinspike wrote about why message authentication matters (as well as the correct order of operations) in what he dubbed, The Cryptographic Doom Principle.

We previously defined encryption and specified that it provides confidentiality but not integrity or authenticity. You can tamper with an encrypted message and give the recipient garbage. But what if you could use this garbage-generating mechanism to bypass a security control? Consider the case of encrypted cookies.

The above code provides AES encryption in Cipher-Block-Chaining mode. If you pass a 32-byte string for $key, you can even claim to provide 256-bit AES encryption for your cookies and people might be misled into believing it’s secure.

Let’s say that, after logging into this application, you see that you receive a session cookie that looks like kHv9PAlStPZaZJHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==.

Let’s change a byte in the first block (the initialization vector) and iteratively sending our new cookie until something changes. It should take a total of 4096 HTTP requests to attempt all possible one-byte changes to the IV. In our example above, after 2405 requests, we get a string that looks like this: kHv9PAlStPZaZZHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==

For comparison, only one character differs in the base64-encoded cookie (kHv9PAlStPZaZJ vs kHv9PAlStPZaZZ):

The original data we stored in this cookie was an array that looked like this:

But after merely altering a single byte in the initialization vector, we were able to rewrite our message to read:

Depending on how the underlying app is set up, you might be able to flip one bit and become and administrator. Even though your cookies are encrypted.

If you would like to reproduce our results, our encryption key was 000102030405060708090a0b0c0d0e0f (convert from hexadecimal to raw binary).

As stated above, authentication aims to provide both integrity (by which we mean significant tamper-resistance) to a message, while proving that it came from the expected source (authenticity). The typical way this is done is to calculate a keyed-Hash Message Authentication Code (HMAC for short) for the message and concatenate it with the message.

It is important that an appropriate cryptographic tool such as HMAC is used here and not just a simple hash function.

These two functions are prefixed with unsafe because they are vulnerable to a number of flaws:

To authenticate a message, you always want some sort of keyed Message Authentication Code rather than just a hash with a key.

Using a hash without a key is even worse. While a hash function can provide simple message integrity, any attacker can calculate a simple checksum or non-keyed hash of their forged message. Well-designed MACs require the attacker to know the authentication key to forge a message.

Simple integrity without authenticity (e.g. a checksum or a simple unkeyed hash) is insufficient for providing secure communications.

In cryptography, if a message is not authenticated, it offers no integrity guarantees either. Message Authentication gives you Message Integrity for free.

The only surefire way to prevent bit-rewriting attacks is to make sure that, after encrypting your information, you authenticate the encrypted message. This detail is very important! Encrypt then authenticate. Verify before decryption.

Let’s revisit our encrypted cookie example, but make it a little safer. Let’s also switch to CTR mode, in accordance with industry recommended best practices. Note that the encryption key and authentication key are different.

Now we’re a little closer to our goal of robust symmetric authenticated encryption. There are still a few more questions left to answer, such as:

Fortunately, these questions are already answered in existing cryptography libraries. We highly recommend using an existing library instead of writing your own encryption features. For PHP developers, you should use defuse/php-encryption (or libsodium if it’s available for you). If you still believe you should write your own, consider using openssl, not mcrypt.

Note: There is a narrow band of use-cases where authenticated encryption is either impractical (e.g. software-driven full disk encryption) or unnecessary (i.e. the data is never sent over the network, even by folder synchronization services such as Dropbox). If you suspect your problems or goals permit unauthenticated ciphertext, consult a professional cryptographer, because this is not a typical use-case.

If you wish to implement encrypted cookies in one of your projects, check out Halite. It has a cookie class dedicated to this use case.

If you want to reinvent this wheel yourself, you can always do something like this:

For developers without access to libsodium (i.e. you aren’t allowed to install PHP extensions through PECL in production), one of our blog readers offered an example secure cookie implementation that uses defuse/php-encryption (the PHP library we recommend).

In our previous examples, we focused on building the encryption and authentication as separate components that must be used with care to avoid cryptographic doom. Specifically, we focused on AES in Cipher Block-Chaining mode (and more recently in Counter mode).

However, cryptographers have developed newer, more resilient modes of encryption that encrypt and authenticate a message in the same operation. These modes are called AEAD modes (Authenticated Encryption with Associated Data). Associated Data means whatever your application needs to authenticate, but not to encrypt.

AEAD modes are typically intended for stateful purposes, e.g. network communications where a nonce can be managed easily.

Two reliable implementations of AEAD are AES-GCM and ChaCha20-Poly1305.

In a few years, we anticipate the CAESAR competition will produce a next-generation authenticated encryption mode that we can recommend over these two.

And most importantly: Use a library with a proven record of resilience under the scrutiny of cryptography experts rather than hacking something together on your own. You’ll be much better off for it.

Paxful Inc., a peer-to-peer bitcoin exchange, is seeing significant growth in Africa. The U.S.-based company said Africans now accounted for the largest number of people buying and selling cryptocurrency on its platform, with average monthly transactions totaling $64.5 million.

Over the past year, users from the African continent of 1.2 billion people soared by 225 percent, Ray Youssef, chief executive officer of Paxful, told South African media. Transactions on the exchange climbed 60 percent in Nigeria, Africas biggest economy, 25 percent in South Africa, the continents most sophisticated economy, and by up to 100 percent in other parts of Africa.

The adoption of bitcoin across the globe re-affirms our belief that crypto will take its place as a mainstream financial system, Youssef was quoted as saying. As has been the case with other disruptive financial tech innovations like mobile money, Africa is leading the peer-to-peer financial revolution.

Each month, more people from Africa are opening new accounts with Paxful than from any other region of the world, he explained. The surge illustrates how Africas swelling population of millennials is quickly taking to cryptocurrencies, not only to circumvent the system (dominated by monopolistic institutions such as legacy banks and the state), but also to hedge against inflation and fiat currency volatility while enjoying lower transaction costs. On average, Africas young people spend $59 each on BTC via Paxful, Youssef said.

However, the increase in adoption is in sharp contrast to the often heavy-handedness with which some African governments have responded to digital assets. This is despite the continent being a region where virtual currency is viewed by many as key to mainstreaming the 350 million unbanked adults. Zimbabwe, Zambia, Namibia and Mozambique have all banned cryptocurrency, while Kenya, Nigeria, Senegal, Uganda and South Africa have adopted a somewhat pragmatic approach.

Other datafrom peer-to-peer exchange Localbitcoins reveals that Russia dominates bitcoin trading with over a quarter of all the platforms volume, followed by Venezuela at 12.2 percent and the U.S. at 11.8 percent. African countries trail, with transactions originating from Nigeria accounting for 7.6 percent of total volume, South Africa 1.3 percent and Kenya at 0.7 percent.

Artur Schaback, chief operating officer of Paxful, said African consumers tend to use cryptocurrency to buy goods, mostly from overseas, as well as investments in promising blockchain startups.

As a company, weve learned a lot from African consumers. For instance, weve improved our mobile capabilities to cater to the widespread use of smartphones on the continent. Our experience in Africa has strengthened our capability to serve consumers regardless of geographical location or origin, he explained.

What do you think about cryptocurrency adoption in Africa? Let us know in the comments section below.

Images courtesy of Shutterstock.

Verify and track bitcoin cash transactions on ourBCH Block Explorer, the best of its kind anywhere in the world. Also, keep up with your holdings, BCH and other coins, on our market charts atSatoshis Pulse, another original and free service from Bitcoin.com.

If you are considering adopting cloud technologies and practices, you will receive a ton of different guidance about the benefits you might see.

Infrastructure and workloads

Many companies position the low initial costs and pay-as-you-go attributes as a very significant cost savings. Theyll note the considerable cost of building and operating data centers and argue for avoiding that to save money. Numbers can get astronomical depending on how you calculate them.

SaaS and cloud dev platforms

A software-as-a-service provider may discuss the savings from paying for application access versus purchasing off-the-shelf software. Software providers will add those “cloud attribute” benefits to the specifics of their software. Recently, there has been more discussion regarding the savings that cloud-based platforms can offer developers.

Speed and productivity

How much is it worth to your business if you can get a new application up and running in 30 hours rather than six to nine months? Likewise, the generic “staff productivity” doesn’t do justice to the capabilities that cloud dashboards, real-time statistics and active analytics can bring to reducing administration burden. How much does a person hour cost your company?

Risk exposure

I like to think of this simply. What is the impact if you are wrong?

When the negative impact to trying new things is low, meaning that the risk is low, you will try many more things. The more you attempt, the more successes you will have.

If you asked me how to benefit from adopting cloud services, my first question would be, “Which services?” Every user and every organization is going to get a different set of benefits. The most important thing I can suggest is to think across the spectrum. Evaluate the potential savings, but also think about the soft benefits: improved productivity, more speed and lowered risk.

As hockey great Wayne Gretzky observed, you will miss 100 percent of the shots that you dont take. How much of a benefit is it to take your shot?

In January 2018, RightScale conducted its seventh annual State of the Cloud Survey of the latest cloud computing trends, with a focus on infrastructure-as-a-service and platform-as-a-service.

Both public and private cloud adoption grew in 2018, with larger enterprises increasing their focus on public cloud. AWS is no longer the runaway leader as Azure has grown rapidly and is now a close second, especially among enterprise users. New to the survey this year is data on the large and growing spend on public cloud, which has driven cost optimization to the top of companies’ 2018 priority list. To gain control of growing spend, enterprise cloud teams are taking a stronger cloud governance role, including managing costs.

The State of the Cloud Survey is the largest survey on the use of cloud infrastructure thatis focused on cloud buyers and users, as opposed to cloud vendors. Their answers provide a comprehensive perspective on the state of the cloud today.

The survey asked 997 IT professionals about their adoption of cloud infrastructure and related technologies. Fifty-three percent of the respondents represented enterprises with more than 1,000 employees. The margin of error is 3.08 percent.

We highlight several key findings from the survey in this blog post. For the complete survey results, download the RightScale 2018 State of the Cloud Report.

Multi-Cloud Is the Preferred Strategy Among Enterprises

96 Percent of Respondents Use Cloud

More Enterprises Are Prioritizing Public Cloud in 2018

Organizations Leverage Almost 5 Clouds

Serverless Is the Top-Growing Extended Cloud Service

Enterprise Public Cloud Spend Is Significant and Growing Quickly

Enterprise Central IT Teams Shift Role to Governance and Brokering Cloud

Container Use Is Up: Docker Is Used Most Broadly While Kubernetes Grows Quickly

Use of Configuration Tools Grows, with Ansible Showing Strongest Growth

Azure Continues to Grow Quickly and Reduce the AWS Lead, Especially Among Enterprises

Private Cloud Adoption Grows Across the Board

AWS Leads in Users with 50+ VMs While Azure Grows Its Footprint Faster

How AWS, Azure, Google Cloud, and IBM Cloud Stack Up Among Enterprises

In the 12 months since the last State of the Cloud Survey, a multi-cloud strategy remains the preference among enterprises even as the percentage of enterprises who use multiple clouds dropped slightly to 81 percent vs. 85 percent in 2017. Those planning a hybrid cloud strategy fell to 51 percent (from 58 percent in 2017). However, there was a slight increase in the number of enterprises are using multiple public clouds or multiple private clouds.

Both public and private cloud adoption have increased in the last year. The number of respondents now adopting public cloud is 92 percent, up from 89 percent in 2017, while the number of respondents now adopting private cloud is 75 percent, up from 72 percent in 2017. As a result, the overall portion of respondents using at least one public or private cloud is now 96 percent.

Among enterprises, the central IT team is typically tasked with assembling a hybrid portfolio of supported clouds. This year, many more enterprises see public cloud as their top priority, up from 29 percent in 2017 to 38 percent in 2018. Hybrid cloud still leads the to-do list, but has decreased as a top priority for enterprises, declining from 50 percent in 2017 to 45 percent in 2018.

Only 8 percent of enterprises are focusing on building a private cloud, and 9 percent see their top priority as using a hosted private cloud.

On average, survey respondents are using 4.8 clouds across both public and private. Respondents are already running applications in 3.1 clouds and experimenting with 1.7 more.

A significant number of public cloud users are now leveraging services beyond just the basic compute, storage, and network services. Year over year, serverless was the top-growing extended cloud service with a 75 percent increase over 2017 (12 to 21 percent adoption). Container-as-a-service was the second highest growth rate at 36 percent (14 to 19 percent adoption). DBaaS SQL and DBaaS NoSQL were third and fourth (26 and 22 percent growth rates, respectively), but achieved this growth starting from a much larger base of use, with 35 and 23 percent adoption, respectively, in 2017.

As use of public cloud has grown, so has the amount of spend. Public cloud spend is quickly becoming a significant new line item in IT budgets, especially among larger companies. Among all respondents, 13 percent spend at least $6 million annually on public cloud while 30 percent are spending at least $1.2 million per year. Among enterprises the spend is even higher, with 26 percent exceeding $6 million per year and more than half (52 percent) above $1.2 million per year.

Enterprises are not only using a lot of public cloud, but also planning to rapidly grow public cloud spend. Twenty percent of enterprises will more than double their public cloud spend in 2018, while 71 percent will grow spend at least 20 percent.

SMBs generally have fewer workloads overall and, as a result, smaller cloud bills (half spend under $120 thousand per year). However, 13 percent of SMBs still exceed $1.2 million in annual spend.

In contrast, private cloud use will grow more slowly for all sizes of organization. Only 7 percent of each group (enterprises and SMBs) is planning to double its use in 2018. Fewer than half of enterprises (47 percent) and 35 percent of SMBs plan to grow private cloud use by more than 20 percent.

As companies adopt cloud-first strategies, they are increasingly creating a centralized cloud team or a Center of Excellence for cloud. These teams provide centralized controls, tools, and best practices to help accelerate the use of cloud while reducing costs and risk.

Overall, 44 percent of companies already have a central cloud team. Enterprises have an even stronger need for centralized governance within their larger organizations: 57 percent of enterprises already have a central cloud team with another 24 percent planning one.

Even though managing cloud costs is a top challenge, cloud users underestimate the amount of wasted cloud spend. Respondents estimate 30 percent waste, while RightScale has measured actual waste at 35 percent.

With significant wasted cloud spend, organizations are focusing on gaining control of costs. Optimizing cloud costs is the top initiative for the second year in a row, increasing from 53 percent of respondents in 2017 to 58 percent in 2018.

Despite an increased focus on cloud cost management, only a minority of companies have begun to implement automated policies to optimize cloud costs, such as shutting down unused workloads or selecting lower-cost cloud or regions. This represents an opportunity for increased efficiency and increased savings, since manual policies are difficult to monitor and enforce.

As part of adopting DevOps processes, companies often choose to implement configuration management tools that allow them to standardize and automate deployment and configuration of servers and applications. Among all respondents, Ansible and Chef are tied with 36 percent adoption each, followed by Puppet at 34 percent adoption.

In 2018, AWS continues to lead in public cloud adoption, but other public clouds are growing more quickly. Azure especially is now nipping at the heels of AWS, especially in larger companies.

And 64 percent of respondents currently run applications in AWS, up from 57 percent in 2017 (12 percent growth rate).

Among enterprises, Azure did even better. Azure increased adoption significantly from 43 percent to 58 percent (35 percent growth rate) while AWS adoption in this group increased from 59 percent to 68 percent (15 percent growth rate). Among other cloud providers that were included in the survey last year, all saw increased adoption this year with Oracle growing fastest from 5 to 10 percent (100 percent growth rate), IBM Cloud from 10 to 15 percent (50 percent growth rate), and Google from 15 to 19 percent (27 percent growth rate).

Enterprise respondents with future projects (the combination of experimenting and planning to use) show the most interest in Google (41 percent).

In contrast to last years survey when we saw private cloud adoption flatten, the 2018 survey shows that adoption of private cloud increased across all providers.

Overall, VMware vSphere continues to lead with 50 percent adoption, up significantly from last year (42 percent). This includes respondents who view their vSphere environment as a private cloud whether or not it meets the accepted definition of cloud computing. OpenStack (24 percent), VMware vCloud Director (24 percent), Microsoft System Center (23 percent), and bare metal (22 percent) were all neck and neck. Azure Stack was in the sixth slot, but showed the highest percentage of respondents that were experimenting or planning to use the technology.

The cloud adoption numbers cited previously indicate the number of respondents that are running any workloads in a particular cloud. However, it is also important to look at the number of workloads or VMs that are running in each cloud. The following charts show the number of VMs being run across the top public and private clouds.

Among all respondents, 15 percent of respondents have more than 1,000+ VMs in vSphere as compared to 10 percent in AWS.

However, AWS leads in respondents with more than 50 VMs, (47 percent for AWS vs. 37 percent for VMware). In third position, Azure shows stronger growth, increasing respondents of more than 50 VMs from 21 to 29 percent.

While public cloud found its initial success in small forward-thinking organizations, over the past few years the battle has now shifted to larger enterprises. AWS has been moving quickly to address the needs of enterprises, and Microsoft has been working to bring its enterprise relationships to Azure. Google and IBM are also focusing on growing their infrastructure-as-a-service lines of business and continue to increase adoption.

The following public cloud scorecard provides a quick snapshot showing that AWS still maintains a lead among enterprises with the highest percentage adoption and largest VM footprint of the top public cloud providers. However, Azure is showing strength by growing much more quickly on already solid adoption numbers. IBM and Google are growing strongly as well but on a smaller base of users.

The 2018 State of the Cloud Survey shows that multi-cloud remains the preferred strategy. Almost every organization is using cloud at some level, with both public and private cloud adoption growing. On average, companies using or experimenting with nearly five public and private clouds with a majority of workloads now running in cloud.

However, public cloud is increasingly becoming the top focus among enterprises and, as a result, public cloud use is growing more quickly with the addition of new customers, an increase in workloads, and an increase in the number of services used.

This expansion in cloud use is driving public cloud spend higher, with large increases expected in 2018. Cost was the number one cloud challenge for intermediate and advanced cloud users. As a result, spend continues to be the top initiative for 2018 as even more organizations are turning their efforts to cost optimization efforts. There is still much room for improvement as 35 percent of cloud bills are wasted due to inefficiencies, and few organizations have yet implemented automated policies to help address these issues.

Enterprise central IT teams are taking a stronger role in cloud adoption, creating central cloud teams or a Center of Excellence. The role of these central teams is focused on cost management and governance as well as advising business units on workloads that should move to cloud. However, business units seek stronger autonomy, except in the area of cost optimization where they look to the central IT team for assistance.

The use of DevOps continues to increase, driving further adoption of container and configuration tools. Docker grew strongly again this year, and Kubernetes showed even stronger growth as a container orchestration solution. Many users are also adopting container-as-a-service offerings from AWS, Azure, and Google.

AWS still leads in public cloud adoption but Azure continues to grow more quickly and gains ground, especially with enterprise customers. Among enterprise cloud beginners, Azure is slightly ahead of AWS. Google maintains the third position, and VMware Cloud on AWS did well in its first year of availability. Adoption of Oracle Cloud is still small, but is growing well in the enterprise.

Cloud provider revenue is driven not just by adoption (percentage of companies using the cloud), but also the number of workloads (VMs) deployed, and the use of other extended cloud services.

Respondents continue to run more VMs in AWS than in other public clouds. However, Azure is growing quickly here as well to reduce AWSs lead.

VMware vSphere continues to lead as a private cloud option (both in adoption and number of VMs) followed by VMware vCloud Director. OpenStack is third, but Azure Pack (sixth place). stands out with the strongest interest level.

Download the RightScale 2018 State of the Cloud Report for the complete survey results.

Use of Charts and Data In This Report

We encourage the re-use of data, charts, and text published in this report under the terms of this Creative Commons Attribution 4.0 International License. You are free to share and make commercial use of this work as long as you attribute the RightScale 2018 State of the Cloud Report as stipulated in the terms of the license.

The need for a faster, friendlier and more decentralized blockchain has led investors to a variety of exchanges this year, searching for viable returns. And while most of the internet chatter on our favorite media sites continues to focus on the loudest competitors in the space (think Tron (TRX) and EOS (EOS) as examples) an exciting crypto-alternative may have slipped past your radar. GoChain (GO) is now getting the attention it deserves as this little-known altcoin consistently leads the market in daily gains.

Announced in February of this year (2018), this blockchain concept, developed to rival Ethereum, quickly made its way to a number of exchanges (includingBinance, where most of this altcoins trading of is done). Since the announcement, a continuous onslaught of positive news and market gains has excited the industry as its competitors stagnate in the current market doldrums we all have experienced.

So, what is GoChain (GO) exactly?

GoChain (GO), whose mainnet was successfully launched earlier this year, is billed as an energy efficient alternative to Ethereum. It is a smart contract platform for dApps with the promise of faster transactions (a lot faster) and increased decentralization. According to their website, GoChain (GO) can provide 1300 transactions per second (compared to Ethereums 13) and can do so with greater decentralization, due to a global network of nodes operated by independent users of the platform.

While these talking-points may sound similar to the rhetoric commonly touted by better-known competitors of the Ethereum killer space, GoChain (GO) has a number of characteristics that investors have started paying closer attention to.

GoChain (GO) is ranked 131 on coinmarketcap.com, and boasts a market capitalization of just under US $40 Million. With its daily volume surpassing US $2.6 Million, there seems to be a lot of room to grow. The price point on this newest crypto darling is still stunningly attractive, hovering near US $.06, despite the 1.02 Billion coins that make up the total supply. In a market surrounded by unicorn valuations (companies with a market cap valued over US $1 Billion) there is a concerted effort by savvy investors to place their fiat in smaller companies, like GoChain (GO), that still have potential to expand.

But what recent developments have the market excited about GoChain (GO)?

October was a busy month for GoChain (GO) as the company exerted its strengths at the annual SanFrancisco Blockchain Week conference. Immediately after the successful conclusion of the conference, the company capitalized on their PR blitz with the announcement of the first decentralized exchange, GODDEX, to be built on the GoChain platform.

GoChain (GO) has started November off with a bang as well, as the company announces a new partnership with LINKCHAIN, a secure supply chain sourcing solution. LINKCHAIN will build its platform on $GO, launching GoChains first security token offering (STO).

GoChain will be providing marketing and fundraising support to LINKCHAIN while assisting in the development of this blockchain-based supply chain solution.

With momentum building and a consistent track record of performance backing the team, GoChain (GO) stands ready to take their platform to the next level. And with the current news of their newest partnership, investors will likely clamor to take advantage of the current price point before this thing explodes in a brand new bull run. And as we watch Gochain (GO) make consistent gains in the near term, we should all be asking ourselves just how far this altcoin could $GO.

For real-time trade alerts and a daily breakdown of the crypto markets, sign up forElite membership!

Disclaimer: This article should not be taken as, and is not intended to provide, investment advice. Global Coin Report and/or its affiliates, employees, writers, and subcontractors are cryptocurrency investors and from time to time may or may not have holdings in some of the coins or tokens they cover. Please conduct your own thorough research before investing in any cryptocurrency and read our fulldisclaimer.

While setting up your Trezor device, you’ll be prompted to install the “Trezor Bridge”. This is a simple application for your computer that will allow your hardware wallet to communicate with the Trezor web wallet interface. Aside from installing the program, you should never even notice it again, so long as you’re using the same computer. New computers you want to use will also need to install the bridge.

After setting up the bridge, you’ll be able to fully interact with the Trezor web wallet interface. The wallet allows you to seamlessly switch between different supported coin wallets. With the exception of Ethereum, Ethereum Classic, and NEM, you can view your balances, send transactions, and view your addresses for receiving transfers all from this one page.

Ethereum, Ethereum Classic, and NEM are unique in the way they operate. For these cryptocurrencies, Trezor has been integrated with third-party wallets. This means you get all of the security benefits of Trezor but can’t use these coins’ wallets directly from Trezor’s web interface.

With that said, we still find the Trezor’s approach to these altcoins more user-friendly than Ledger’s app system (which we’ll get to just below).

For example, when you click on “Ethereum (ETH)” in the drop-down menu, you’ll see the following pop up to use MyEtherWallet or GoCrypto’s Ethereum wallet. You can also navigate to these sites directly.

Once at MyEtherWallet, you can select to connect your Trezor device.

After connecting to MyEtherWallet, you can then use your Ethereum addresses to send and receive transactions. Note that you can also use MyEtherWallet in combination with Trezor to store all ERC-20 tokens.

Ledger

Ledger devices use “Ledger Live”, Ledger apps, and some third-party wallet integrations. For those who have used the old Ledger app manager, Ledger live is a big step up for changing between wallets. As the name implies, Ledger Live allows you to view your account balances without having your hardware wallet connected, a feature lacking from Trezor.

What we find most annoying about the Ledger system is the fact that you have to open apps from your device. This means using the hardware every time you want to switch between which wallet apps you’re using. While this might sound like a minor inconvenience, it may become super frustrating over time. It’s especially cumbersome if you’re used to Trezor’s seamless switching between wallets.

This shortcoming mostly affects users of the Nano S, as the Blue’s touchscreen makes switching between wallets less of a hassle.

All hardware wallets in this guide require users to enter a PIN code to access their device. In a similar vein to the above annoyance, Ledger hardware wallets can be a pain to access. Whereas Trezors have you enter a PIN code on your computer (from an array of numbers shown on the devices), Ledger devices require you to enter your PIN on the hardware itself.

Pin Entry on Ledger Nano S vs Trezor

Again, this is less of an issue for the Ledger Blue, as it’s easier to interact with the Blue’s touchscreen, compared to the Nano’s two button set up.

It’s important to note that Ledger’s lackluster system is at least partially due to the large number of currencies it supports and its team’s dedication to security.

KeepKey

KeepKey uses a simple chrome app for accessing your wallets. While KeepKey boasts even fewer supported cryptocurrencies than Trezor, it offers a pretty great overall user experience for the coins it does support. Unlike the Nano S, we did not have any major frustrations with the KeepKey.

Ledger Nano S

Despite the Ledger Nano S having some annoyances, it’s hard to argue this is not the best hardware wallet available. At $99.99, the Nano S is the cheapest hardware wallet while simultaneously offering the most supported cryptocurrencies.

For many, the Nano S is a no brainer just based off of these facts. It’s essentially a necessity for altcoin holders, even including popular altcoins like Ripple, Stellar, and Tron.

Even for those who are new to crypto and haven’t yet entered into the altcoin waters, you may want to prepare for your seemingly inevitable entry into these markets by opting for the Nano S.

Trezor One & Trezor Model T

The Trezor One (89 ($106) is a tried and true hardware wallet, with a user experience we find better than the Ledger. If you don’t need the coin support of Ledgers, then we personally would recommend the Trezor One for this reason. If the roughly $6 difference in price is a deal breaker for you, then you might want to hold off on even purchasing a hardware wallet until you have a larger investment to protect.

Now if you’re determined to own a touchscreen hardware wallet, the Model T offers one for about $100 cheaper than the Ledger Blue (~$170 vs $269.99), though it’s significantly less pleasing on the eyes. Despite this, it does still offer the touchscreen convenience and slight security benefits while still being able to fit on your keychain.

Ledger Blue

Two words come to mind when looking at the Ledger Blue: “cool” and “unnecessary”. For those crypto ballers out there who don’t mind shilling out $269.99 for a hardware wallet with less coin support than it’s $99.99 counterpart, we see no reason not to.

That being said, the Blue does function as a very easy-to-use choice that offers more coins than non-ledger competitors.

You may hear people use the term encryption and how you should use it to protect yourself and your information. However, encryption can be confusing and you should understand its limitations. In this newsletter, we explain in simple terms what encryption is, how it protects you, and how to implement it properly.

You have a tremendous amount of sensitive information on your devices, such as personal documents, pictures, and emails. If you were to have one of your devices lost or stolen, all of your sensitive information could be accessed by whoever possesses it. In addition, you may conduct sensitive transactions online, such as banking or shopping. If anyone were to monitor these activities, they could steal your information, such as your financial account or credit card numbers. Encryption protects you in these situations by helping ensure unauthorized people cannot access or modify your information.

Encryption has been around for thousands of years. Today, encryption is far more sophisticated, but it serves the same purpose — to pass a secret message from one place to another by ensuring only those authorized to read the message can access it. When information is not encrypted, it is called plain-text. This means anyone can easily read or access it. Encryption converts this information into a non-readable format called cipher-text. Todays encryption works by using complex mathematical operations and a unique key to convert your information into cipher-text. The key is what locks or unlocks your information. In most cases, your key is a password or passcode.

In general, there are two types of data to encrypt: data at rest (such as the data stored on your mobile device) and data in motion (such as retrieving email or messaging a friend).

Encrypting data at rest is vital to protect information in case your computer or mobile device is lost or stolen. Todays devices are extremely powerful and hold a tremendous amount of information, but are also very easy to lose. In addition, other types of mobile media can hold sensitive information, such as USB flash drives or external hard drives. Full Disk Encryption (FDE) is a widely used encryption technique that encrypts the entire drive in your system. This means that everything on the system is automatically encrypted for you; you do not have to decide what or what not to encrypt. Today, most computers come with FDE, but you may have to manually turn it on or enable it. It is called FileVault on Mac computers, while on Windows computers, depending on the version you have, you can use Bitlocker or Device Encryption. Most mobile devices also support FDE. iOS on iPhones and iPads automatically enable FDE once a passcode has been set. Starting with Android 6.0 (Marshmallow), Google is requiring FDE be enabled by default, provided the hardware meets certain minimum standards.

Information is also vulnerable when it is in transit. If the data is not encrypted, it can be monitored, modified, and captured online. This is why you want to ensure that any sensitive online transactions and communications are encrypted. A common type of online encryption is HTTPS. This means all traffic between your browser and a website is encrypted. Look for https:// in the URL, a lock icon on your browser, or your URL bar turning green. Another example is when you send or receive email. Most email clients provide encrypted capabilities, which you may have to enable. A third example of encrypting data in transit is between two users chatting with each other, such as with iMessage, Wickr, Signal, WhatsApp, or Telegram. Apps like these use end-to-end encryption, which prevents third parties from accessing data while its transferred from one end system or device to another. This means only you and the person youre communicating with can read what is sent.

To be sure you are protected when using encryption, it is paramount that you use it correctly:

OUCH! newsletter is under the Creative Commons license. You are free to share / distribute it but may not sell or modify it.

These days you cant be too careful with your computer security setup. With more and more of our daily transactions happening online, its very important to ensure that your computer is protected from the wide array of threats that are circulating on the internet.

In thisAvast Internet Securityreview we cover one of the more popular software programs designed to protect your computer. We get a lot of emails from people asking whether or not this software is worth the cost, so we figured an in-depth review was in order.

A quick note about versions: this review covers Avast Internet Security, which is a step above Avast Free Antivirus. There are also upgraded versions called Avast Premier and Avast Ultimate, which have more features included.

Editors note: We bought this software with our own money and have not been asked by Avast to write this review.

I want to lead with my overall impressions of Avast Internet Security for those who dont want to read a long article then you can drill down and read about all the features in the rest of the review below if you so desire.

Overall I wasnt expecting to be thrilled with Avast Internet Security due to a botched installation when I first installed the software, but my opinion drastically changed once I reinstalled it and found it was working swimmingly.

I actually had more fun than I usually do when reviewing these security software suites because Avast is easy to use, intuitive, and has quite a few bells and whistles that you wont find in other security solutions. I also found their whimsical online and in-program help documentation to be refreshing.

Avast Internet Security is the basic version, a step up from the Avast Free Antivirus. However even this basic level software packs a lot of utilities.

Avasts support was responsive and helpful when I had an issue connecting my online account with my software, and the help and documentation on the website is very well laid out and clear.

Pros:

Cons:

I highly recommend this software as a virus and malware solution. Theres a lot of debate on the internet over which security suite is better, however Avast continues to be highly recommended by many computer professionals. No software will be 100% perfect, so if Avast has the features that you want its a great lightweight solution for protecting your data.

Get Avast Internet Security

Avast was a quick download and install on my Microsoft Surface Pro 4 running Windows 10. The installation was a touch slower than other security apps Ive used, but that could be due to a slightly slower speed of internet as I was working remotely at the time.

After installation I ran the Smart Scan, and the program finished in about 6-7 minutes. The results were interesting as the software scans more than just for malware and viruses. It also found three software programs that needed updates (and allowed me to update them right from the dashboard), and pointed out that the coffee shops WiFi password was weak.

The scan is pretty typical of most security software suites. You can customize the scan in the settings to scan for only the things you want it to for example, you can disable scanning for software updates if you so desire.

Its important to know if your antimalware and antivirus software tools are up to snuff. The good news is that Avast consistently gets top scores in the AV Comparatives monthly score tallies. AV Comparatives is an independent group that tests the top computer security software tools.

You can check out their results here.

Avast Internet Security and all of the other software tools in their library of programs are very intuitive and easy to use. Each setting has a large icon-centric button, and each feature has a small i that you can click that explains the features functionality and uses. This is helpful because even the basic Internet Security program comes with a lot of bells and whistles to play with.

Most computer users will find using Avast to be easy to use and almost fun in fact its the most fun security suite Ive tested. I cant quite put my finger on why, I think its the simplicity and intuitive way everything is laid out.

The black on black color scheme is also a nice touch, making the software feel very updated and modern.

Avast notified me that I had 13 passwords stored in my internet browser, and it asked me to start using Avast Passwords, a password keeping system. I actually use LastPass for that right now, but it seems like a good option for someone who doesnt have a password solution yet. For those who dont know, these password solutions are a great way to enable yourself to use unique and difficult passwords for all of your sites so you dont get caught with your pants down by using the same password for all your sites (something I used to do and I had a minor panic attack when someone hacked my Facebook account and got that password and my email).

You also have the option of storing credit card numbers as well with the ability to auto-fill them when online shopping.

Avast Passwords also has a cool feature called Secure Notes where you can safely store small secure things. Need a place to store your security key for your 2 Factor Authentication app? This could be a good place, instead of a notepad file somewhere on your computer or even writing it down on a paper that could get lost. Lets face it, every once in a while we need to keep a secure number on hand.

After taking my Surface Pro to the coffee shop to do some additional work and continue testing Avast, the software popped up notifying me that I had connected to a new WiFi network. It then gave me the option to scan the network, which scanned the router, and all the devices connected to it meaning ALL the various laptops and phones that were on the network. I dont suspect this coffee shop to be a hotbed of hacker activity, so it was not surprising to find that all the devices came up clean.

This feature is useful for detecting problematic devices that might be on a public network scanning it for activity. Im not usually that paranoid but you can never be too careful. This is useful, however, if you want to do some banking or personal transactions on a public network and want to scan it before using it.

Avast Internet Security has quite a thorough settings menu, where you can tinker with excluded software, customize the Smart Scan, and do so much more. There is really too much to list for this basic review of the software but suffice it to say that if theres something you want to turn on or off or customize, theres a 90% chance youll be able to do it within the settings.

You can even customize the scan parameters in the virus scan portion of the Smart Scan. Most computer users probably wont touch this or need to stray from the default settings, but advanced users will be thrilled with this.

Avast is available for PC, Mac, Android, iPhones and iPads, and even networked smart devices in your home. That makes Avast one of the most compatible software programs out there it covers most devices while many companies stop at just PC and Mac.

Each of these devices needs its own separate version of Avast, however, so unfortunately you cant just buy it once to cover all of your devices. However, youll only need to deal with and learn how to use one program if you want to get Avast security on all devices which is a time saver. Not many people want to learn how to use a bunch of different security software solutions.

Get Avast Internet Security

Avast Internet Security has two higher levels to choose from that will get you a few more bells and whistles. I recommend all the levels, as I think all their tools are useful. However, just ensure that you need the additional tools they offer and you dont already have something similar.

Check this link for Avasts comparison web page.

For Avast Premier, you get webcam spying protection, a file shredder (completely delete a file), and the ability to automatically update apps and software.

With Avast Ultimate you get everything from Premier plus a few other Avast software tools: Avast Cleanup Premium which helps clean up file clutter on your computer, Avast Secureline VPN which shields your location and provides an extra layer of security to your internet browsing, and Avast Passwords Premium which allows you to store your passwords and also warns you of password leaks.

In my opinion, Avast Ultimate is worth it just for the easy to use Secureline VPN, which is very useful. Personally, if you were thinking of upgrading from the basic level I would probably skip Premier and just get Ultimate and get everything.

We used Ultimate for this review so we could be sure to test all the features and be able to write them up. I will say that the SecureLine VPN service works very well and its worth the price. SecureLine VPN is available as a standalone product as well.

No matter what level you are interested in, Avasts line of security software comes highly recommended from me. I had a lot of fun reviewing this software and found it to be refreshing from the rest of the security software thats out there. No program will always protect you 100%, but picking one of the top line programs will give you the best shot at staying safe on the net, and Avast is up to that challenge.

We recommend going with Avast Internet Security or going all the way up to Avast Ultimate.

Get Avast Internet Security

Get Avast Ultimate

These days you can’t be too careful with your computer security setup. With more and more of our daily transactions happening online, it’s very important to ensure that your computer is protected from the wide array of threats that are circulating on the internet. In thisAvast Internet Securityreview we cover one of the more popular software programs designed to protect your computer. We get a lot of emails from people asking whether or not this software is worth the cost, so we figured an in-depth review was in order. A quick note about versions: this review covers Avast Internet Security,

Avast Internet Security Review 2018

Avast Internet Security Review 2018

2018-04-19

Bill Gordon

Ease Of Use

Effectiveness

Interface / Design

Speed

Customer Support

Features

Excellent!

Avast Internet Security is an easy to use and powerful software suite that enables you to stay one step ahead of internet criminals as well as viruses and malware. For PC, Mac, Android, and iOS

Threats on the Internet are getting better at penetrating computer systems. Hackers and cybercriminals are developing malicious software that can damage anything from personal computers to mainframes running an entire company. That is why it is necessary to put security layers in place. However, there are several types of security applications. It can be quite confusing for anyone unfamiliar with such programs. Specifically, many experts recommended installing an antivirus program and Internet security.

But, what’s the difference between the two? Aren’t they the same?

A heuristic is a method of monitoring and evaluation the activities of an application. The antivirus will then decide if it behaves like a virus or not. It will notify the user of any suspicious activities on the computer along with suggested actions. While it is not 100% accurate, this method allows security experts and developers to keep up with the rapidly increasing number of virus online.

Antivirus applications provide a specific security function: protect your computer from virus. Because of this, it can run in the background without any significant effect on the computer’s performance. It uses a small amount of memory and CPU. Most of the time, users set their antivirus programs to run immediately during boot. Scheduled scans and updates are also recommended to make sure that your antivirus has the latest virus signatures.

What is an Internet Security?

The firewall protects real-time attacks by filtering any suspicious threats from the Internet and network. The anti-malware and anti-spyware aim to protect the computer against threats which are entirely different from a virus. Malware and spyware are programs which can damage the computer, steal sensitive information, and even hold your system hostage for a ransom.

Internet security suites make it easy to track and monitor your computer’s security health. Some even aim to become total computer solutions by including tools such as defragmenting tools, memory cleanup apps, uninstaller, and network monitoring tools, which makes it easy to maintain your computer’s health in one place.

However, running an internet security suite takes more computing power than antivirus programs. It still depends on your system. But, older computers may find it challenging to keep Internet security suites running in the background. It demands more memory which slows down some applications and computer functions significantly.

Antivirus Vs Internet Security

Where does anti-malware fit in all of these? As mentioned above, most Internet security come with anti-malware programs as its core function. However, anti-malware programs can also offer multiple services. An excellent example is MalwareFox. It includes features which strengthen your computer security, Aside from scanning for malware, it also has ransomware protection. It protects your system from dangerous ransomware that aims to extort money from you.

MalwareFox also cleans your browser which provides better and faster browsing performance. It also protects your system by analyzing suspicious files and promptly blocks them. The Zero-Day Attack Protection ensures that your system is protected even from the unknown threats. More importantly, unlike Internet security suites, it is light enough to run in the background without affecting your system. MalwareFox can also scan your system in less than five minutes using its Smart Scan Mode.

Anti-malware is a perfect tool for those wanting to have additional protection to run alongside antivirus programs. It is also lighter than total security suites so that you can run it in the background. Most come with features that you will regularly use as your main security functions.

Experts suggest downloading a primary antivirus program. Then, download a secondary solution which can handle most of your security needs. It depends on your needs and what you do online. Anti-malware is appropriate for basic users. Advanced users who download files often, visit various websites and receive a lot of emails may consider Internet security suites at those offer more layers of protection.

Identity Theft Protection provides you with 24/7 credit monitoring and instant access to your credit report and credit score. It also provides you with SSN monitoring that alerts you when activities or changes take place using your Social Security Number. Our Identity Theft Protection also includes CyberGuard, which monitors known criminal websites for illegal trading of personal information. Other features include: change of address monitoring, non-credit loans monitoring, restoration services, and one million dollar insurance.

Online Data Backup keeps a copy of all of your most important files so you never lose them. It also allows you to share files with your family and friends and access and organize your files from anywhere.